CN110741613A - A method, device, storage medium and system for identifying an encrypted data stream - Google Patents

Info

Publication number
CN110741613A
Authority
CN
China
Prior art keywords
authentication
application identifier
data stream
encrypted data
parameter
Prior art date
Legal status
Granted
Application number
CN201780091924.9A
Other languages
Chinese (zh)
Other versions
CN110741613B (en)
Inventor
唐海
Current Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/12 Setup of transport tunnels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/20 Manipulation of established connections
    • H04W76/25 Maintenance of established connections
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/30 Connection release
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/02 Data link layer protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/08 Upper layer protocols
    • H04W80/10 Upper layer protocols adapted for application session management, e.g. SIP [Session Initiation Protocol]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the present invention provide a method, device, readable storage medium and system for identifying an encrypted data stream. The method can be applied to a core network device and includes: receiving a data packet, sent by a user equipment (UE), that carries authentication data, wherein the authentication data includes a first authentication parameter, a first authentication result and an application identifier; obtaining a second authentication result according to a set authentication algorithm, based on the first authentication parameter and a second authentication parameter, wherein the second authentication parameter is a pre-stored authentication parameter corresponding to the application identifier; and, when the second authentication result matches the first authentication result, establishing an association between the network protocol (IP) five-tuple of the data packet and the application identifier, wherein the association is used to subsequently identify the encrypted data stream, corresponding to the application identifier, that the UE sends.
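
The check-and-bind flow in the abstract, sketched from the core network side as an added example (not code from the patent or the applicant). The abstract does not name the authentication algorithm; HMAC-SHA256, the class and function names, and every sample value below are assumptions constructed for illustration.

```python
import hashlib
import hmac
from typing import NamedTuple, Optional


class FiveTuple(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str


class AuthData(NamedTuple):
    first_param: bytes   # first authentication parameter, supplied by the UE
    first_result: bytes  # first authentication result, computed by the UE
    app_id: str          # application identifier


def compute_result(first_param: bytes, second_param: bytes) -> bytes:
    # Assumption: the "set authentication algorithm" is HMAC-SHA256 keyed
    # with the per-application (second) authentication parameter.
    return hmac.new(second_param, first_param, hashlib.sha256).digest()


class CoreNetworkClassifier:
    def __init__(self, provisioned: dict[str, bytes]):
        self._second_params = dict(provisioned)   # app_id -> pre-stored parameter
        self._flows: dict[FiveTuple, str] = {}    # five-tuple -> app_id

    def handle_auth_packet(self, flow: FiveTuple, auth: AuthData) -> bool:
        second_param = self._second_params.get(auth.app_id)
        if second_param is None:                  # unknown application identifier
            return False
        second_result = compute_result(auth.first_param, second_param)
        # Constant-time comparison; bind the flow only when the results match.
        if not hmac.compare_digest(second_result, auth.first_result):
            return False
        self._flows[flow] = auth.app_id
        return True

    def identify(self, flow: FiveTuple) -> Optional[str]:
        return self._flows.get(flow)


def demo() -> dict:
    secret = b"constructed-per-app-secret"        # constructed sample value
    core = CoreNetworkClassifier({"video-app": secret})
    good_flow = FiveTuple("10.0.0.5", 40000, "203.0.113.7", 443, "tcp")
    bad_flow = FiveTuple("10.0.0.9", 40001, "203.0.113.7", 443, "tcp")
    nonce = b"\x01" * 16                          # constructed first parameter
    genuine = AuthData(nonce, compute_result(nonce, secret), "video-app")
    forged = AuthData(nonce, compute_result(nonce, b"wrong-key"), "video-app")
    return {
        "genuine_bound": core.handle_auth_packet(good_flow, genuine),
        "forged_bound": core.handle_auth_packet(bad_flow, forged),
        "good_flow_app": core.identify(good_flow),
        "bad_flow_app": core.identify(bad_flow),
    }
```

A flow whose claimed application identifier fails the comparison is never entered in the table, so later encrypted packets on that five-tuple stay unclassified rather than inheriting the claimed label.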

Description

PCT domestic application, the description has been published.

Claims (33)

PCT domestic application, the claims have been published.
CN201780091924.9A 2017-10-16 2017-10-16 Method, device, storage medium and system for identifying encrypted data stream Active CN110741613B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/106349 WO2019075608A1 (en) 2017-10-16 2017-10-16 Method and device for identifying encrypted data stream, storage medium, and system

Publications (2)

Publication Number Publication Date
CN110741613A (en) 2020-01-31
CN110741613B (en) 2021-01-12

Family

ID=66173068

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201780091924.9A Active CN110741613B (en) 2017-10-16 2017-10-16 Method, device, storage medium and system for identifying encrypted data stream
CN201880038900.1A Active CN110771116B (en) 2017-10-16 2018-05-03 Method, device, storage medium and system for identifying encrypted data stream

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201880038900.1A Active CN110771116B (en) 2017-10-16 2018-05-03 Method, device, storage medium and system for identifying encrypted data stream

Country Status (4)

Country Link
US (1) US11418951B2 (en)
EP (1) EP3668043A4 (en)
CN (2) CN110741613B (en)
WO (2) WO2019075608A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7075495B2 (en) * 2018-04-05 2022-05-25 テレフオンアクチーボラゲット エルエム エリクソン(パブル) Wireless resource settings
CN113193932B (en) * 2019-09-27 2022-08-23 腾讯科技(深圳)有限公司 Method performed by network node and corresponding network node
CN113923717B (en) * 2020-07-07 2024-05-31 中国移动通信有限公司研究院 Data transmission method, device and equipment
CN112671661A (en) * 2020-12-24 2021-04-16 广州市网优优信息技术开发有限公司 Internet of things data transmission method and system
EP4437747A1 (en) * 2021-11-26 2024-10-02 Abb Schweiz Ag Method for device commissioning in a network system and network system

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050210234A1 (en) * 2004-03-17 2005-09-22 Best Fiona S Reach-back communications terminal with selectable networking options
CN101668016A (en) * 2009-09-30 2010-03-10 华为技术有限公司 Authentication method and device
CN102893695A (en) * 2010-05-13 2013-01-23 日本电气株式会社 Gateway device, base station, mobile management server, and communication method
CN103414709A (en) * 2013-08-02 2013-11-27 杭州华三通信技术有限公司 User identity binding and user identity binding assisting method and device
CN103596166A (en) * 2012-08-13 2014-02-19 电信科学技术研究院 An identifier mapping method and apparatus and a policy control method
CN104038389A (en) * 2014-06-19 2014-09-10 高长喜 Multiple application protocol identification method and device
CN105592449A (en) * 2014-10-20 2016-05-18 中国电信股份有限公司 Service identification method and system
CN105915396A (en) * 2016-06-20 2016-08-31 中国联合网络通信集团有限公司 Home network traffic recognition system and method
US20160262021A1 (en) * 2015-03-06 2016-09-08 Qualcomm Incorporated Sponsored connectivity to cellular networks using existing credentials
US20170126564A1 (en) * 2015-04-13 2017-05-04 Ajit Ramachandra Mayya Method and system of application-aware routing with crowdsourcing

Family Cites Families (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6948060B1 (en) * 2000-08-11 2005-09-20 Intel Corporation Method and apparatus for monitoring encrypted communication in a network
US7778194B1 (en) 2004-08-13 2010-08-17 Packeteer, Inc. Examination of connection handshake to enhance classification of encrypted network traffic
US7562211B2 (en) * 2005-10-27 2009-07-14 Microsoft Corporation Inspecting encrypted communications with end-to-end integrity
US8875236B2 (en) * 2007-06-11 2014-10-28 Nokia Corporation Security in communication networks
CN101714952B (en) * 2009-12-22 2012-03-07 北京邮电大学 Method and device for identifying traffic of access network
CN102111263A (en) * 2011-02-21 2011-06-29 山东中孚信息产业股份有限公司 Data stream encryption method
CN102137022B (en) * 2011-04-01 2013-11-06 华为技术有限公司 Method for identifying information of data packet, crawler engine and network system
CN103428643A (en) * 2012-05-17 2013-12-04 大唐移动通信设备有限公司 Method and device for dynamic restructuring
US9451455B2 (en) * 2012-06-11 2016-09-20 Blackberry Limited Enabling multiple authentication applications
WO2014193278A1 (en) * 2013-05-29 2014-12-04 Telefonaktiebolaget L M Ericsson (Publ) Gateway, client device and methods for facilitating communcation between a client device and an application server
GB2518257A (en) * 2013-09-13 2015-03-18 Vodafone Ip Licensing Ltd Methods and systems for operating a secure mobile device
EP2890073A1 (en) * 2013-12-31 2015-07-01 Gemalto SA System and method for securing machine-to-machine communications
CN105099930B (en) * 2014-05-21 2019-07-09 新华三技术有限公司 Encrypting traffic flow control methods and device
KR101663401B1 (en) * 2015-01-05 2016-10-06 주식회사 퓨쳐시스템 Apparatus and method for analyzing the packet by the kernel encrypted with secure socket layer
CN107317674B (en) * 2016-04-27 2021-08-31 华为技术有限公司 Key distribution, authentication method, device and system
CN106209775B (en) * 2016-06-24 2019-05-24 深圳信息职业技术学院 A kind of application type recognition methods of SSL encryption network flow and device
US10530811B2 (en) * 2016-08-11 2020-01-07 Vm-Robot, Inc. Routing systems and methods
US10715510B2 (en) * 2017-01-16 2020-07-14 Citrix Systems, Inc. Secure device notifications from remote applications
US10367811B2 (en) * 2017-10-06 2019-07-30 Stealthpath, Inc. Methods for internet communication security
US10630642B2 (en) * 2017-10-06 2020-04-21 Stealthpath, Inc. Methods for internet communication security
US10397186B2 (en) * 2017-10-06 2019-08-27 Stealthpath, Inc. Methods for internet communication security

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
OPPO: "Solution for UE assisted encrypted traffic detection", 《3GPP TSG SA WG2 MEETING #127 S2-181974》 *
OPPO: "Solution for UE assisted encrypted traffic detection", 《3GPP TSG SA WG2 MEETING #127 S2-183209》 *
OPPO: "Solution for UE assisted encrypted traffic detection", 《3GPP TSG SA WG2 MEETING #127 S2-184009》 *
OPPO: "Solution for UE assisted encrypted traffic detection", 《3GPP TSG SA WG2 MEETING #127 S2-180376》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113674455A (en) * 2021-08-13 2021-11-19 京东科技信息技术有限公司 Intelligent door lock remote control method, device, system, equipment and storage medium
CN113674455B (en) * 2021-08-13 2023-08-04 京东科技信息技术有限公司 Remote control method, device, system, equipment and storage medium for intelligent door lock

Also Published As

Publication number Publication date
EP3668043A4 (en) 2020-10-07
WO2019075608A1 (en) 2019-04-25
CN110771116A (en) 2020-02-07
EP3668043A1 (en) 2020-06-17
CN110771116B (en) 2021-02-26
CN110741613B (en) 2021-01-12
US20200245136A1 (en) 2020-07-30
WO2019076000A1 (en) 2019-04-25
US11418951B2 (en) 2022-08-16

Similar Documents

Publication Publication Date Title
CN110741613A (en) A method, device, storage medium and system for identifying an encrypted data stream
US11290382B2 (en) Efficient policy enforcement for downlink traffic using network access tokens—control-plane approach
CN109314662A (en) Data transmission method and device
JP2018505620A5 (en) Communication system and authentication method
CN110574406A (en) Key configuration method, device and system
JP2018509090A5 (en)
JP2016526337A5 (en)
JP2016136724A5 (en)
CN109792389A (en) Access the method and access gateway network element of fixed network
CN109314675A (en) A method, device and system for determining network slice
CN109691168A (en) A method, device and system for processing control signaling
CN109314723A (en) A method, device and terminal for realizing data service
CN109417492A (en) A network function NF management method and NF management device
CN110622558A (en) Switching method, access network equipment and terminal equipment
CN110392998A (en) A kind of data packet method of calibration and equipment
CN110050436A (en) Data transmission method, user equipment and control plane node
CN109691017A (en) Message protection method, user equipment and core network device
CN109792435A (en) A network access authorization method, related equipment and system
CN109478958A (en) A data transmission method, device and system
CN111972005A (en) Method and device for establishing transmission path
US9647935B2 (en) Inter-layer quality of service preservation
CN109314860A (en) Security negotiation method, security functional entity, core network element and user equipment
JP2017534214A5 (en)
WO2011143943A1 (en) Method, system and apparatus for establishing end-to-end security connection
CN111567106A (en) Method for paging user equipment, first network equipment and user equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant